summaryrefslogtreecommitdiff
path: root/source4/kdc
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-11-15 08:41:16 +1100
committerAndrew Tridgell <tridge@samba.org>2010-11-15 00:13:59 +0000
commit2d7dc86b5d339986f3c645917a29810d6b33bebf (patch)
tree8804be26a6420b04e613ed996d1bc8d18c408015 /source4/kdc
parentef7f4a142068757dcf0dc11c5b7cf03755be45a8 (diff)
downloadsamba-2d7dc86b5d339986f3c645917a29810d6b33bebf.tar.gz
samba-2d7dc86b5d339986f3c645917a29810d6b33bebf.tar.bz2
samba-2d7dc86b5d339986f3c645917a29810d6b33bebf.zip
s4-kdc: if "bind interfaces only" is false, then also listen on wildcard
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 15 00:13:59 UTC 2010 on sn-devel-104
Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/kdc.c64
1 files changed, 44 insertions, 20 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 2a90ea5a27..f8e9b02fa5 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -435,7 +435,8 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc,
const char *name,
const char *address,
uint16_t port,
- kdc_process_fn_t process)
+ kdc_process_fn_t process,
+ bool udp_only)
{
struct kdc_socket *kdc_socket;
struct kdc_udp_socket *kdc_udp_socket;
@@ -457,18 +458,21 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc,
return status;
}
- status = stream_setup_socket(kdc->task->event_ctx,
- kdc->task->lp_ctx,
- model_ops,
- &kdc_tcp_stream_ops,
- "ip", address, &port,
- lpcfg_socket_options(kdc->task->lp_ctx),
- kdc_socket);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Failed to bind to %s:%u TCP - %s\n",
- address, port, nt_errstr(status)));
- talloc_free(kdc_socket);
- return status;
+ if (!udp_only) {
+ status = stream_setup_socket(kdc->task,
+ kdc->task->event_ctx,
+ kdc->task->lp_ctx,
+ model_ops,
+ &kdc_tcp_stream_ops,
+ "ip", address, &port,
+ lpcfg_socket_options(kdc->task->lp_ctx),
+ kdc_socket);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Failed to bind to %s:%u TCP - %s\n",
+ address, port, nt_errstr(status)));
+ talloc_free(kdc_socket);
+ return status;
+ }
}
kdc_udp_socket = talloc(kdc_socket, struct kdc_udp_socket);
@@ -512,6 +516,9 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_c
TALLOC_CTX *tmp_ctx = talloc_new(kdc);
NTSTATUS status;
int i;
+ uint16_t kdc_port = lpcfg_krb5_port(lp_ctx);
+ uint16_t kpasswd_port = lpcfg_kpasswd_port(lp_ctx);
+ bool done_wildcard = false;
/* within the kdc task we want to be a single process, so
ask for the single process model ops and pass these to the
@@ -524,22 +531,39 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_c
num_interfaces = iface_count(ifaces);
+ /* if we are allowing incoming packets from any address, then
+ we need to bind to the wildcard address */
+ if (!lpcfg_bind_interfaces_only(lp_ctx)) {
+ if (kdc_port) {
+ status = kdc_add_socket(kdc, model_ops,
+ "kdc", "0.0.0.0", kdc_port,
+ kdc_process, false);
+ NT_STATUS_NOT_OK_RETURN(status);
+ }
+
+ if (kpasswd_port) {
+ status = kdc_add_socket(kdc, model_ops,
+ "kpasswd", "0.0.0.0", kpasswd_port,
+ kpasswdd_process, false);
+ NT_STATUS_NOT_OK_RETURN(status);
+ }
+ done_wildcard = true;
+ }
+
for (i=0; i<num_interfaces; i++) {
const char *address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
- uint16_t kdc_port = lpcfg_krb5_port(lp_ctx);
- uint16_t kpasswd_port = lpcfg_kpasswd_port(lp_ctx);
if (kdc_port) {
status = kdc_add_socket(kdc, model_ops,
- "kdc", address, kdc_port,
- kdc_process);
+ "kdc", address, kdc_port,
+ kdc_process, done_wildcard);
NT_STATUS_NOT_OK_RETURN(status);
}
if (kpasswd_port) {
status = kdc_add_socket(kdc, model_ops,
- "kpasswd", address, kpasswd_port,
- kpasswdd_process);
+ "kpasswd", address, kpasswd_port,
+ kpasswdd_process, done_wildcard);
NT_STATUS_NOT_OK_RETURN(status);
}
}
@@ -788,7 +812,7 @@ static void kdc_task_init(struct task_server *task)
status = IRPC_REGISTER(task->msg_ctx, irpc, KDC_CHECK_GENERIC_KERBEROS,
kdc_check_generic_kerberos, kdc);
if (!NT_STATUS_IS_OK(status)) {
- task_server_terminate(task, "nbtd failed to setup monitoring", true);
+ task_server_terminate(task, "kdc failed to setup monitoring", true);
return;
}